CVE-2019-11201
CVE-2019-11201 is a vulnerability of currently unknown severity. Dolibarr ERP/CRM 9.0.1 provides a module named website that is used to create public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. EPSS estimates a 2.24% chance of exploitation in the next 30 days.
Description
Dolibarr ERP/CRM 9.0.1 provides a module named website that is used to create public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the same page, which specifies the inclusion of dynamic content. Thus, a lower privileged user of the application can execute code under the context and permissions of the underlying web server.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dolibarr | Dolibarr ERP/CRM | 9.0.1 |
References
- https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities (Exploit, Third Party Advisory)
Source: NVD / NIST
